Application No. 10/805,017 Attorney Docket No. 36992.00107 

Amendment dated September 25, 2008 

Reply to Office Action of 4/28/08 and Advisory Action of 8/22/08 

REMARKS/ARGUMENT 

The Amendment filed 3/18/08 was not entered. Applicants request entry of the 
present Amendment which his being filed concurrently with an RCE. No new matter is 
introduced. Reconsideration and removal of the rejections are respectfully requested in view 
of the foregoing amendments and the remarks presented below. 

Summary of Amendments 

Claims 1 and 12 are currently amended so as into include features of claims 5 and 16, 
which are now canceled. Support for the claim amendments can be found in the originally 
filed specification (see, for example, paragraphs 37 and 42 of Pub. No. 20050209975). 

Claims 21 and 22 reinstate previously canceled claims 7 and 17. 

Claims 23 and 24 are new. Support for the claim amendments can be found in the 
originally filed specification (see, for example, paragraph 30 of Pub. No. 20050209975). 

Rejection under 35 U.S.C. §102 

Claims 1, 3-6, 8-12, 14-16, and 18-20 were rejected under 35 U.S.C. § 102(b) as being 
anticipated by U.S. Patent 6,105,008 ("Dav/s"). 

Independent claims 1 and 12 have been amended to include the elements of claims 5 
and 12, respectively, and that the information for authenticating the certificate identifies 
"certificates that have been revoked or are no longer valid." Davis fails to expressly or 
inherently teach this element of claims 1 and 12. 

Independent claims 1 and 12 

Claims 1 and 12 are patentably allowable over Davis for at least three reasons. 
FIRST 

There is no express or inherent disclosure in Davis that the paee of information 
sent by the merchant server includes "any information identifying certificates that have 
been revoked or are no longer valid," as claimed . For this reason alone, claims 1 and 12 is 
patentably allowable over Davis. 
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SECOND 

The Office has previously alleged that Davis's figure 11 A, reference number 606 
anticipates the claimed element of "a list containing information for authenticating the 
certificate of the second site." Reference number 606 indicates that a merchant server 
provides a terminal with the IP address of a payment server. The Office stated that "without 
the information contained in step 606, the client would not know how to access the second 
site - as such, it contains information necessary for authenticating the certificate of the 
second site" (Advisory Action mailed 8/22/08, continuation sheet). That is, the Office 
alleges that an IP address of the second site is "for authenticating the certificate of the second 
site" because it is necessarily used to obtain the certificate. The Office is wrong. FIG. 2 of 
the specification shows that a terminal (106) contacts an eBusiness web site (104) [first site], 
which in turn requests (210) the services of a partner (110) [second site] and provides the 
partner with the terminal's address information (see Spec, paragraph 40). The partner then 
submits (214) its certificate to the terminal, which authenticates the certificate. Thus, as 
clearly seen in FIG. 2 (reproduced below), the IP address of the second site (partner 110) 
is not used by the terminal to obtain or authenticate the certificate of the second site . 
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As explained in the Amendment filed 7/25/08, with regard to claim 1, Davis fails to 
disclose: (1) "a terminal having logic for decrypting the encrypted personal data using the 
first key ," where the first key is provided by the secure device; and (2) the terminal having 
"logic for re-encrypting the decrypted personal data with a second key ." In Davis, the client 
terminal uses a single transaction session key received from the merchant server to decrypt 
and re-encrypt a debit command and does not use two separate keys for decrypting and 
encrypting. Davis col. 20, lines 46-53. Davis's client terminal does not have access to 
another key . In particular, the client terminal does not have access to the DES key and 
derived keys. Davis col. 21, lines 3-8. For the same reasons, Davis fails to disclose a 
method in which personal data is decrypted and encrypted by a terminal by use of respective 
first and second keys as described in claim 12. 

Dependant claims 

Claims 5 and 12 have been canceled, rendering their rejection moot. 

Claims 3, 4, 6, 8-11, 14-16, and 18-20 depend from base claim 1 or 12 and thereby 
include all the elements of their respective base claim as well as additional elements. 
Accordingly, Applicant submits that claims 3, 4, 6, 8-11, 14-16, and 18-20 are patentably 
allowable over Davis for at least the same reasons given for claims 1 and 12. 

Rejection under 35 U.S.C. §103 

Claims 2 and 13 were rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Davis in view of Official Notice. 

As indicated above, independent claims 1 and 12 are patentably allowable over Davis. 
Claims 2 and 13 include all the elements of claims 1 and 12, respectively, and are therefore 
patentably allowable for at least the same reasons given above for claims 1 and 12. 

New Claims 

Claims 21-24 depend from base claims 1 and 12 and thereby include all the elements 
of their respective base claim. As indicated above, independent claims 1 and 12 are 
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patentably allowable over Davis. Therefore, claims 21-24 are patentably allowable for at 
least the same reasons given above for claims 1 and 12. 



In light of the foregoing remarks, this application is considered to be in condition for 
allowance, and early passage of this case to issue is respectfully requested. If necessary to 
effect a timely response, this paper should be considered as a petition for an Extension of 
Time sufficient to effect a timely response, and please charge any deficiency in fees or credit 
any overpayments to Deposit Account No. 07- 1 850. 



Conclusion 



Respectfully submitted, 



Date: September 25, 2008 



/Noman Morales/ 



Squire, Sanders & Dempsey L.L.P. 
One Maritime Plaza 
Suite 300 

San Francisco, CA 94111 
Facsimile (415) 393-9887 
Telephone (415)393-09857 
nmorales@ssd.com 



Norman Morales 
Attorney for Applicant 
Reg. No. 55,463 
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